CVE-2023-53907 HIGH

CVE-2023-53907: Bludit 3.13.1 Authenticated Arbitrary File Download via Backup Plugin

Vendor: Bludit
Product: Backup Plugin
Weakness: CWE-22 · Path traversal
Published: December 17, 2025
Last update: April 7, 2026

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through directory traversal.

Key dates

02 Disclosure timeline

December 17, 2025: CVE published
April 7, 2026: Record updated